[ 
https://issues.apache.org/jira/browse/COMPRESS-713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043136#comment-18043136
 ] 

Gary D. Gregory edited comment on COMPRESS-713 at 12/5/25 7:10 PM:
-------------------------------------------------------------------

Hello [~pbebr]

The results of your fuzz testing are useful.

Thank you,
Gary


was (Author: garydgregory):
Hello [~pbebr]

The results of your fuzz testing is useful.

Thank you,
Gary

> Unchecked pre-decremental notation in for-loop as array index causes 
> ArrayOutOfBounds access
> --------------------------------------------------------------------------------------------
>
>                 Key: COMPRESS-713
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-713
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>         Environment: Ubuntu 24.04
> $ java --version
> openjdk 21.0.8 2025-07-15
> OpenJDK Runtime Environment (build 21.0.8+9-Ubuntu-0ubuntu124.04.1)
> OpenJDK 64-Bit Server VM (build 21.0.8+9-Ubuntu-0ubuntu124.04.1, mixed mode, 
> sharing)
>            Reporter: Philip Betzler-Braun
>            Priority: Major
>         Attachments: ArrayOutOfBoundsZipInArchiveInputStreamReproducer.java
>
>
> *Issue:* 
> LZWInputStream 
> (org.apache.commons.compress.compressors.lzw.LZWInputStream.expandCodeToOutputStack(LZWInputStream.java:150))
>   contains a byte array outputStack with the size 8192 and an int 
> outputStackLocation that is used to find the position to write to in the 
> stack. In the function expandCodeToOutputStack (LZWInputStream.java:150) 
> there is a C-style pre-decremental statement that is executed in a for-loop 
> and never checks what its value is, and if the loop goes on for more than 
> 8192 iterations, it causes an ArrayOutOfBounds access to the outputStack byte 
> array.
>  
> Begin: LZWInputStream.java:149
> {code:java}
> for (int entry = code; entry >= 0; entry = prefixes[entry]) {
>     outputStack[--outputStackLocation] = characters[entry];
> }
> {code}
>  
> *Suggestion:*
>  * Catch the ArrayOutOfBounds exception and throw a library specific 
> exception.
>  
> *Reproduction:*
> (reproducer in attached file -> intended location is: 
> src/test/java/org/apache/commons/compress/archivers/zip/ArrayOutOfBoundsZipInArchiveInputStreamReproducer.java)
> [^ArrayOutOfBoundsZipInArchiveInputStreamReproducer.java]
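The following is an added illustration, not code from Commons Compress or from the reporter's attachment. It reproduces the unchecked pre-decrement loop quoted in the issue against a deliberately small output stack, then shows the hardened form: an explicit check before `--outputStackLocation` that turns a prefix chain longer than the stack into a library-specific exception instead of an `ArrayIndexOutOfBoundsException`. The exception class `CorruptLzwDataException`, the stack size of 8 (standing in for the real 8192), the chain length of 12 and the dictionary contents are all constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/**
 * Added illustration (not Commons Compress code): walks an LZW prefix chain
 * backwards into a fixed-size output stack, first with the unchecked loop
 * quoted in COMPRESS-713, then with a bounds check that reports corrupt
 * input through a library-specific exception.
 */
public class LzwOutputStackDemo {

    /** Hypothetical library-specific exception for malformed LZW data. */
    public static final class CorruptLzwDataException extends IOException {
        public CorruptLzwDataException(String message) {
            super(message);
        }
    }

    /** Unchecked pattern from the issue: --outputStackLocation can go below 0. */
    static int expandUnchecked(int code, int[] prefixes, byte[] characters, byte[] outputStack) {
        int outputStackLocation = outputStack.length;
        for (int entry = code; entry >= 0; entry = prefixes[entry]) {
            outputStack[--outputStackLocation] = characters[entry];
        }
        return outputStackLocation;
    }

    /** Hardened variant: refuse to write past the bottom of the stack. */
    static int expandChecked(int code, int[] prefixes, byte[] characters, byte[] outputStack)
            throws CorruptLzwDataException {
        int outputStackLocation = outputStack.length;
        for (int entry = code; entry >= 0; entry = prefixes[entry]) {
            if (outputStackLocation == 0) {
                throw new CorruptLzwDataException("LZW prefix chain for code " + code
                        + " exceeds output stack size " + outputStack.length);
            }
            outputStack[--outputStackLocation] = characters[entry];
        }
        return outputStackLocation;
    }

    /** Constructed dictionary: entry i points at i-1, so code n has a chain of n+1 entries. */
    static int[] buildChainPrefixes(int chainLength) {
        int[] prefixes = new int[chainLength];
        prefixes[0] = -1; // root entry terminates the chain
        for (int i = 1; i < chainLength; i++) {
            prefixes[i] = i - 1;
        }
        return prefixes;
    }

    public static void main(String[] args) throws IOException {
        int stackSize = 8;    // small stand-in for the real 8192-byte outputStack
        int chainLength = 12; // longer than the stack: a corrupt or hostile dictionary
        int[] prefixes = buildChainPrefixes(chainLength);
        byte[] characters = new byte[chainLength];
        for (int i = 0; i < chainLength; i++) {
            characters[i] = (byte) ('a' + i);
        }

        // The unchecked loop writes 8 bytes, then indexes outputStack[-1].
        try {
            expandUnchecked(chainLength - 1, prefixes, characters, new byte[stackSize]);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("unchecked: " + e);
        }

        // The checked loop stops at the bottom of the stack with a descriptive error.
        try {
            expandChecked(chainLength - 1, prefixes, characters, new byte[stackSize]);
        } catch (CorruptLzwDataException e) {
            System.out.println("checked: " + e.getMessage());
        }

        // A well-formed chain that fits (code 4 -> 5 bytes) still decodes normally.
        byte[] stack = new byte[stackSize];
        int start = expandChecked(4, prefixes, characters, stack);
        System.out.println("decoded: "
                + new String(stack, start, stackSize - start, StandardCharsets.US_ASCII)); // abcde
    }
}
```

The check sits before the decrement rather than wrapping the loop in a `catch (ArrayIndexOutOfBoundsException)`: it fails at the exact write that would overflow, carries the offending code in the message, and does not mask unrelated indexing bugs elsewhere in the loop. Either approach gives callers a checked, library-specific failure to handle instead of a runtime exception from a malformed archive.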



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
